|
291241
|
- |
|
jenkins
|
jenkins
|
Jenkins before 1.502 allows remote authenticated users to configure an otherwise restricted project via vectors related to post-build actions.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-7330
|
2024-11-21 11:00 |
2014-10-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291242
|
- |
|
perl
|
cgi_application_module
|
The CGI::Application module before 4.50_50 and 4.50_51 for Perl, when run modes are not specified, allows remote attackers to obtain sensitive information (web queries and environment details) via ve…
|
CWE-200
Information Exposure
|
CVE-2013-7329
|
2024-11-21 11:00 |
2014-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291243
|
- |
|
linecorp
|
line
|
LINE 3.2.1.83 and earlier on Windows and 3.2.1 and earlier on OS X does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive …
|
CWE-310
Cryptographic Issues
|
CVE-2013-7144
|
2024-11-21 11:00 |
2014-08-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291244
|
- |
|
cobham
|
aviator_300
sailor_fleetbroadband_150
sailor_900_vsat
aviator_350
sailor_fleetbroadband_250
explorer_bgan
aviator_200
sailor_fleetbroadband_500
aviator_700d
|
Cobham SAILOR 900 VSAT; SAILOR FleetBroadBand 150, 250, and 500; EXPLORER BGAN; and AVIATOR 200, 300, 350, and 700D devices do not properly restrict password recovery, which allows attackers to obtai…
|
NVD-CWE-Other
|
CVE-2013-7180
|
2024-11-21 11:00 |
2014-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291245
|
- |
|
zoll
|
monitor\/defibrillator
|
ZOLL Defibrillator / Monitor X Series has a default (1) supervisor password and (2) service password, which allows physically proximate attackers to modify device configuration and cause a denial of …
|
CWE-255
Credentials Management
|
CVE-2013-7395
|
2024-11-21 11:00 |
2014-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291246
|
- |
|
splunk
|
splunk
|
The "runshellscript echo.sh" script in Splunk before 5.0.5 allows remote authenticated users to execute arbitrary commands via a crafted string. NOTE: this issue was SPLIT from CVE-2013-6771 per ADT…
|
CWE-94
Code Injection
|
CVE-2013-7394
|
2024-11-21 11:00 |
2014-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291247
|
- |
|
apache
|
subversion
|
The daemonize.py module in Subversion 1.8.0 before 1.8.2 allows local users to gain privileges via a symlink attack on the pid file created for (1) svnwcsub.py or (2) irkerbridge.py when the --pidfil…
|
CWE-59
Link Following
|
CVE-2013-7393
|
2024-11-21 11:00 |
2014-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291248
|
- |
|
gitlist
|
gitlist
|
Gitlist allows remote attackers to execute arbitrary commands via shell metacharacters in a file name to Source/.
|
NVD-CWE-Other
|
CVE-2013-7392
|
2024-11-21 11:00 |
2014-07-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291249
|
- |
|
entity_api_project
|
entity_api
|
The Entity API module 7.x-1.x before 7.x-1.2 for Drupal, when using the (a) Views field or (b) area plugins, allows remote attackers to read restricted entities via the (1) field, (2) header, or (3) …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-7391
|
2024-11-21 11:00 |
2014-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291250
|
- |
|
dlink
|
dir-645_firmware
dir-645
|
Multiple cross-site scripting (XSS) vulnerabilities in D-Link DIR-645 Router (Rev. A1) with firmware before 1.04B11 allow remote attackers to inject arbitrary web script or HTML via the (1) deviceid …
|
CWE-79
Cross-site Scripting
|
CVE-2013-7389
|
2024-11-21 11:00 |
2014-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
